Abstract — We address the problem of the algebraic decoding
of any cyclic code up to the true minimum distance. For this,
we use the classical formulation of the problem, which is to find
the error locator polynomial in terms of the syndromes of the
received word. This is usually done with the Berlekamp-Massey
algorithm in the case of BCH codes and related codes, but for
the general case, there is no generic algorithm to decode cyclic
codes. Even in the case of the quadratic residue codes, which are
good codes with a very strong algebraic structure, there is no
available general decoding algorithm.

For this particular case of quadratic residue codes, several
authors have worked out, by hand, formulas for the coefficients
of the locator polynomial in terms of the syndromes, using the
Newton identities. This work has to be done for each particular
quadratic residue code, and becomes more and more difficult as the
length grows. Furthermore, it is error-prone.

We propose to automate these computations, using elimination
theory and Gröbner bases. We prove that, by computing
appropriate Gröbner bases, one automatically recovers formulas
for the coefficients of the locator polynomial, in terms of the
syndromes.

Index Terms — Algebraic decoding, general cyclic codes, Newton
identities, elimination theory, Gröbner bases.

I. Introduction 

There is a longstanding problem of efficiently decoding
binary quadratic residue codes. For each prime number $l$ such
that 2 is a quadratic residue modulo $l$, there exists essentially
one such code. It is a cyclic code of length $l$, whose defining
set is the set of the quadratic residues modulo $l$. It is proven that
the minimum distance of these codes is at least $\lceil \sqrt{l}\, \rceil$ (the
square-root bound). But compiled tables show that the minimum
distance of these codes is much better than this bound, and it is
an open question to find or to estimate the minimum distance
of these codes, although some progress has been achieved [1].

To date, there is no general decoding algorithm for
the whole class of quadratic residue codes. Several efforts
have been made for particular cases, that is to say for each
particular length, mainly by Chen, Truong, Reed, Helleseth
and others [2], [3], [4], [5], [6], [7], [8], [9], for the lengths
31, 23, 41, 73, 47, 71, 79, 97, 103 and 113. All these decoding
algorithms are based on the Newton identities, which involve
the so-called error locator polynomial and the syndromes of
the received word. These Newton identities are to be written
for each particular length, and then to be worked out for
isolating the coefficients of the locator polynomial in terms of
the syndromes, while eliminating the unknown syndromes, which
appear in the Newton identities. This elimination procedure
is hand crafted by the authors. So it is tedious, prone to
errors, and the authors eventually fail to find formulas for the
coefficients of the locator polynomial.

A separate path of research has been to use the theory of
Gröbner bases for decoding any cyclic code. It was originated
by Cooper [10], [11], [12], although the results were unproven.
Cooper uses an algebraic system of equations, closely
related to the decoding problem, but different from the Newton
identities. These works only deal with BCH codes. Later, these
algebraic systems have been studied by Loustaunau and von
York [13], Caboara and Mora [14], for any cyclic code, and
they give proofs of the statements by Cooper. In this vein
of research, one studies the ideal generated by the system
of equations, and tries to prove that the symbolic locator
polynomial belongs to this ideal. Then this polynomial can
be found by the computation of a Gröbner basis with respect to a
relevant ordering on the monomials.

Another system defined by the Newton identities has been
considered by Chen, Helleseth, Reed and Truong [15] (see
also [16], [17]). In that case, the aim is to prove that the
ideal generated by the Newton identities contains, for each
coefficient $\sigma_i$ of the locator polynomial, a polynomial
whose leading monomial is of degree one in $\sigma_i$, and that this
polynomial does not involve the unknown syndromes.

II. Our contribution 

We have already discussed the use of Gröbner bases for
decoding cyclic codes [18] with a system different from the
Newton identities. At that time, we discussed the computation
of Gröbner bases online: for each received word, one computes
the syndromes, and substitutes them into an algebraic system of
equations. Then the computation of the Gröbner basis gives
the coefficients of the locator polynomial, which are sought
for.

In this work, we discuss the idea of precomputing the
Gröbner basis of a system in which the syndromes are left as
indeterminates. Then we show that this Gröbner basis leads to
formulas for the coefficients of the locator polynomial. This
is called one-step decoding.

Still, there is the problem that these formulas for the
coefficients $\sigma_i$'s of the locator polynomial are of the form
$p_i \sigma_i + q_i = 0$, where $p_i$, $q_i$ involve only the syndromes. Thus
finding $\sigma_i$ can be done as follows

$$\sigma_i = \frac{q_i}{p_i},$$

which may lead to a division by zero, when the actual values
of the syndromes are substituted into $p_i$.

Our second contribution is to introduce a new ideal, which
contains formulas of the form $\sigma_i + q_i = 0$. Thus finding the
$\sigma_i$'s does not involve any division after substitution.

III. Definitions 

We consider only binary cyclic codes. Let $n$ be the length,
which is odd, and $\alpha$ be a primitive $n$-th root of unity in some
extension $\mathbb{F}_{2^m}$ of $\mathbb{F}_2$. To each binary word $c = (c_0, \ldots, c_{n-1})$
of length $n$ is associated the polynomial $c_0 + c_1 X + \cdots + c_{n-1} X^{n-1}$.
The Fourier Transform of $c$ is the vector $S = (S_0, \ldots, S_{n-1})$,
with $S_i = c(\alpha^i)$. A cyclic code is built by
considering a defining set $Q = \{i_1, \ldots, i_l\} \subset \{0, 1, \ldots, n-1\}$.
The cyclic code $C$ of defining set $Q$ is then the set of
words whose Fourier Transform satisfies

$$S_{i_1} = \cdots = S_{i_l} = 0.$$

Let $y \in \mathbb{F}_2^n$ be the received word, to be decoded. As usual, we
write $y = c + e$, where $c$ is the codeword, and $e$ is the error.
We compute the Fourier Transform $S$ of $y$, and for $i \in Q$, we
have:

$$S_i = y(\alpha^i) = c(\alpha^i) + e(\alpha^i) = e(\alpha^i), \quad i \in Q,$$

since $c \in C$. The $S_i$'s, $i \in Q$, are called the syndromes of $e$,
and the $S_j$'s, $j \notin Q$, are the unknown syndromes. The decoding
problem is to find $e$ given the syndromes $S_i$'s, $i \in Q$, under the
constraint that the weight of $e$ is bounded by $t = \lfloor \frac{d-1}{2} \rfloor$, where
$d$ is the minimum distance of $C$, and $t$ is the decoding radius of
$C$.

IV. The Newton's identities 

Let the error $e$ be of weight $w$, and let $u_1, \ldots, u_w$ be the indices
of the nonzero coordinates of $e$. These indices are encoded
in the locator polynomial $\sigma(Z)$, defined as follows:

$$\sigma(Z) = \prod_{i=1}^{w} (1 - \alpha^{u_i} Z) = \sum_{i=0}^{w} \sigma_i Z^i,$$

where $\sigma_1, \ldots, \sigma_w$ are the elementary symmetric functions of
$\alpha^{u_1}, \ldots, \alpha^{u_w}$, which are called the locators of $e$. We denote by
$Z_1, \ldots, Z_w$ the locators of $e$. Finding $e$ is equivalent to finding
$\sigma(Z)$, and the problem is considered to be solved when $\sigma(Z)$
is found, thanks to the Chien search [19].

The Newton identities relate the elementary symmetric
functions of the locators of $e$ to the coefficients of the Fourier
Transform of $e$. They have the following form (see [20]):

$$\begin{cases} S_i + \sum_{j=1}^{i-1} \sigma_j S_{i-j} + i\sigma_i = 0, & i \le w, \\ S_i + \sum_{j=1}^{w} \sigma_j S_{i-j} = 0, & w < i \le n + w. \end{cases} \qquad (1)$$

Note that the indices of the $S_i$ are cyclic, i.e. $S_{i+n} = S_i$. In
these equations, there are the $\sigma_i$'s, that we are looking for, the
$S_i$, $i \in Q$, and the $S_i$'s, $i \notin Q$, that we try to eliminate. Our
objective is to find an expression of the $\sigma_i$'s in terms of the
$S_i$'s, $i \in Q$.
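The Newton identities and the one-step form $p_i \sigma_i + q_i = 0$ can be checked numerically on a toy case. The Python sketch below is an added example, not code from the paper; it assumes $n = 15$, $\mathbb{F}_{2^4}$ built from $x^4 + x + 1$, and $w = 2$ with $\{1, 3\} \subset Q$, where eliminating $S_2 = S_1^2$ by hand gives $\sigma_1 = S_1$ and $S_1 \sigma_2 + S_3 + S_1^3 = 0$; all function names are illustrative.

```python
# Added example, constructed setting: n = 15, GF(2^4) from x^4 + x + 1, alpha = 2.
N = 15
EXP, LOG, _x = [0] * (2 * N), {}, 1
for _k in range(N):                      # antilog/log tables for alpha
    EXP[_k] = EXP[_k + N] = _x
    LOG[_x] = _k
    _x = (_x << 1) ^ (0x13 if _x & 8 else 0)

def mul(a, b):
    return 0 if 0 in (a, b) else EXP[LOG[a] + LOG[b]]

def fourier(support):
    """S_i = e(alpha^i), i = 0..n-1, for the binary word e with this support."""
    S = [0] * N
    for i in range(N):
        for u in support:
            S[i] ^= EXP[(u * i) % N]
    return S

def locator(support):
    """Coefficients sigma_0..sigma_w of prod_u (1 - alpha^u Z)."""
    sig = [1]
    for u in support:
        sig = [a ^ mul(b, EXP[u]) for a, b in zip(sig + [0], [0] + sig)]
    return sig

def newton_residuals(S, sig):
    """Left-hand sides of the Newton identities, i = 1..n+w; all zero when they hold."""
    w, out = len(sig) - 1, []
    for i in range(1, N + w + 1):
        r = S[i % N]                     # cyclic indices: S_{i+n} = S_i
        for j in range(1, (i - 1 if i <= w else w) + 1):
            r ^= mul(sig[j], S[(i - j) % N])
        if i <= w and i % 2:             # the term i*sigma_i, i reduced mod 2
            r ^= sig[i]
        out.append(r)
    return out

def one_step_w2(S1, S3):
    """w = 2 and {1, 3} in Q: sigma_1 = S_1, and S_1*sigma_2 + (S_3 + S_1^3) = 0."""
    if S1 == 0:
        raise ZeroDivisionError("p = S_1 vanishes at these syndromes")
    q = S3 ^ mul(S1, mul(S1, S1))
    return [1, S1, mul(q, EXP[N - LOG[S1]])]

def chien(sig):
    """Positions u with sigma(alpha^-u) = 0."""
    def value(u):
        acc = 0
        for j, c in enumerate(sig):
            acc ^= mul(c, EXP[(-u * j) % N])
        return acc
    return [u for u in range(N) if value(u) == 0]
```

Calling `one_step_w2` with $S_1 = 0$ raises, which is the division-by-zero case that formulas of the form $p_i \sigma_i + q_i = 0$ run into.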



V. Elimination theory 

We consider the ideal $I_{N,w}$, generated by the Newton
identities:

$$I_{N,w} : \left\langle \begin{array}{ll} S_i + \sum_{j=1}^{i-1} \sigma_j S_{i-j} + i\sigma_i, & i \le w, \\ S_i + \sum_{j=1}^{w} \sigma_j S_{i-j}, & n + w \ge i > w \end{array} \right\rangle \qquad (2)$$

Let us denote by $\sigma$ the set of the variables $\sigma_1, \ldots, \sigma_w$, by $S_Q$
the set $\{S_i;\ i \in Q\}$, and by $S_N$ the set $\{S_i;\ i \notin Q\}$. Then
$I_{N,w}$ is an ideal in the polynomial algebra $\mathbb{F}_2[\sigma, S_Q, S_N]$.

A Gröbner basis of an ideal $I$ is a particular set of
generators of $I$, which is well behaved with respect to various
operations: it makes it possible to test equalities of ideals, to test ideal
membership and so on. Due to lack of space, we will not
recall the formal definition here, which can be found in [21].
We recall that this notion depends on a monomial ordering: for
each particular monomial ordering there exists a corresponding
Gröbner basis. Of utmost importance for us are the following
considerations [21].

Definition 1: Let $I \subset \mathbb{F}_2[x_1, \ldots, x_m]$. Then the ideal

$$I_k = I \cap \mathbb{F}_2[x_{k+1}, \ldots, x_m]$$

is the $k$-th elimination ideal. It is the set of all the relations
that can be obtained on $x_{k+1}, \ldots, x_m$, by elimination of the
$k$ first variables $x_1, \ldots, x_k$.

Proposition 1: Let $I \subset \mathbb{F}_2[x_1, \ldots, x_m]$ be an ideal and let
$G$ be a Gröbner basis for the lexicographical ordering, with
$x_1 > \cdots > x_m$. Then, the set

$$G_k = G \cap \mathbb{F}_2[x_{k+1}, \ldots, x_m]$$

is a Gröbner basis of the $k$-th elimination ideal
$I_k = I \cap \mathbb{F}_2[x_{k+1}, \ldots, x_m]$.

Thus it is sufficient to compute a single Gröbner basis $G$, and to
retain the relevant polynomials, to eliminate the unwanted
variables. For the problem of decoding, we get:

Proposition 2: Let a monomial ordering be given such that
the $S_i$'s, $i \notin Q$, are greater than the $S_i$'s, $i \in Q$, and the $\sigma_i$'s.
Let $G$ be a Gröbner basis of $I_{N,w}$ for this ordering. Then

$$G \cap \mathbb{F}_2[\sigma, S_Q]$$

is a Gröbner basis of the elimination ideal $I_{N,w} \cap \mathbb{F}_2[\sigma, S_Q]$.

This means that, if we compute a Gröbner basis of $I_{N,w}$ for
a relevant ordering, we find a (finite) basis of all the relations
between the $\sigma_i$'s and the $S_i$'s, $i \in Q$. The problem is that
these relations may not be of degree one in the $\sigma_i$'s. Our aim
is to prove that there exist relations of the form $p_i \sigma_i + q_i$ in
this ideal, where $p_i, q_i \in \mathbb{F}_2[S_Q]$.

VI. The variety associated to the Newton identities

First we have to study $V(I_{N,w})$, the variety associated to
the ideal $I_{N,w}$. It is the set of all $\sigma_i$'s, $S_i$'s, which satisfy the
Newton identities. Note that we consider this variety in $\overline{\mathbb{F}}_2$,
the algebraic closure of $\mathbb{F}_2$. We have the following Theorem,
which is an extension of the main result of [22].

Theorem 1: Let $(\sigma, S)$ be in $V(I_{N,w})$, with
$\sigma = (\sigma_1, \ldots, \sigma_w) \in \overline{\mathbb{F}}_2^{\,w}$ and $S = (S_0, \ldots, S_{n-1}) \in \overline{\mathbb{F}}_2^{\,n}$. Let $e$
be the inverse Fourier Transform of $S$. Note that a priori $e$
has coordinates in $\overline{\mathbb{F}}_2$. Then

1. the weight of $e$ is less than $w$;

2. $e$ has indeed coordinates in $\mathbb{F}_2$;

3. if $\sigma(Z)$ is the polynomial

w 

i=l 

and if $\sigma_e(Z)$ is the locator polynomial of $e$, then there exists
an integer $l$ and a polynomial $G(Z)$ such that

$$\sigma(Z) = \sigma_e(Z)\, G(Z)^2 Z^l.$$

Proof: Omitted due to lack of space. ■

From the Nullstellensatz [21], we have:

Corollary 1: Let $I_{N,w} \cap \mathbb{F}_2[S_Q, S_N]$ be the elimination
ideal of the $\sigma_i$'s. If $I_{N,w}$ is radical, then $I_{N,w} \cap \mathbb{F}_2[S_Q, S_N]$
is the set of all the relations between the coefficients of
the Fourier Transform of the binary words of weight less
than $w$. Furthermore, if we eliminate the $S_i$'s, $i \notin Q$, then
$I_{N,w} \cap \mathbb{F}_2[S_Q]$ is the set of all the relations between the
syndromes of the words of weight less than $w < t$.

Corollary 2: Let $S_{Q,e}$ be the set of syndromes of some word
$e$. Let $T_w$ be a basis of $I_{N,w} \cap \mathbb{F}_2[S_Q]$, then $e$ has weight $w < t$
if and only if

$$t(S_{Q,e}) = 0, \text{ for all } t \in T_v, \text{ for all } v < w. \qquad (3)$$

VII. Radical ideals 

In the above, we have stumbled on the difficulty of proving
that $I_{N,w}$ is a radical ideal. We believe it is, but we have not
been able to prove it. To overcome this difficulty, we consider
the ideal $I^0_{N,w}$, where we add the "field equations" to ensure
that the $\sigma_i$'s and the $S_i$'s belong to the field $\mathbb{F}_{2^m}$. It is the
ideal

T ,/ Sf+Si,iG {0,...,n-l}, \ 

Thanks to these field equations, the ideal $I^0_{N,w}$ is radical, and
has dimension zero (it has a finite number of solutions). It is
a consequence of [23, Chap. 2, Prop. 2.7], which implies that,
if an ideal contains, for each variable, a squarefree univariate
polynomial in this variable, then it is radical.
One can prove the following.

Theorem 2: For each binary word $e$ of weight $w$ less than $t$,
for each $i \in \{1, \ldots, w\}$, the ideal $I^0_{N,w}$ contains a polynomial

$$p_i \sigma_i + q_i$$

with $p_i, q_i \in \mathbb{F}_2[S_Q]$ such that $p_i(S_{Q,e}) \neq 0$, where $S_{Q,e}$ is
the set of the syndromes of $e$.

Proof: Omitted due to lack of space. ■
Thus the decoding algorithm could be:

1) (precomputation) For each $w \in \{1, \ldots, t\}$, compute a
Gröbner basis $G_w$ of $I^0_{N,w}$, for an ordering such that
the $S_i$, $i \notin Q$, are greater than the $\sigma_i$'s which in turn
are greater than the $S_i$'s, $i \in Q$;

2) (precomputation) from each Gröbner basis $G_w$, for each
$i$, collect all the relations $p_i \sigma_i + q_i$, call $E_{w,i}$ this set;

3) (precomputation) from each Gröbner basis $G_w$, collect
the polynomials in $G_w \cap \mathbb{F}_2[S_Q]$, call $T_w$ this set of
polynomials;

4) (online) for each received word $y$, compute the syndromes
$S_{Q,y} = S_{Q,e}$, where $e$ is the error to be found;

5) (online) find the weight $w_e$ of $e$ using the criterion (3).

6) (online) for each $i \in \{1, \ldots, w_e\}$:

a) find the relation $p_i \sigma_i + q_i \in E_{w_e,i}$ such that
$p_i(S_{Q,e}) \neq 0$

b) solve for $\sigma_i$:

There are two difficulties with this approach. First, the
Gröbner basis can contain many polynomials of the form
$p_i \sigma_i + q_i$, $i \in \{1, \ldots, w\}$, as we have observed on examples.
Second, the field equations of the type $\sigma_i^{2^m} + \sigma_i$ and $S_i^{2^m} + S_i$
can be of large degree, even though the length of the code is
moderate. For instance, in the case of the quadratic residue
code of length 41, the splitting field is $\mathbb{F}_{2^{20}} = \mathbb{F}_{1048576}$.
This means that $I^0_{N,w}$ contains equations of degree more than
one million, and the computation of the Gröbner basis is
intractable.

It is natural to try to remove the field equations, and to
consider the ideal $I_{N,w}$ without the field equations.

VIII. An augmented ideal 

The difficulty, as mentioned above, is that we have not
proven that $I_{N,w}$ is a radical ideal, which is a necessary
ingredient, among others, to prove Theorem 2. We will build
an ideal which contains $I_{N,w}$, which is radical, and which
will contain "nice" formulas. First we introduce the ideal $I_\sigma$
corresponding to the definitions of the elementary symmetric
functions, and $I_S$ corresponding to the definition of the
coefficients of the Fourier Transform:

$$I_\sigma = \left\langle \sigma_i - \sum_{1 \le j_1 < \cdots < j_i \le w} Z_{j_1} \cdots Z_{j_i};\ i \in \{1, \ldots, w\} \right\rangle$$

and

$$I_S = \left\langle \begin{array}{ll} S_i - \sum_{j=1}^{w} Z_j^i, & i \in \{1, \ldots, n + w\}; \\ S_{i+n} - S_i, & i \in \{1, \ldots, w\} \end{array} \right\rangle.$$

Note that this ideal belongs to the polynomial ring
$\mathbb{F}_2[\sigma, S, Z_1, \ldots, Z_w]$. When we eliminate the $Z_i$'s, we
have the following
Proposition 3:

$$(I_S + I_\sigma) \cap \mathbb{F}_2[S, \sigma] = I_{N,w}$$

Proof: Omitted due to lack of space. ■

Let us introduce the following polynomial:

$$\Delta(Z_1, \ldots, Z_w) = Z_1 \cdots Z_w \prod_{1 \le i < j \le w} (Z_i - Z_j).$$

This polynomial has the property that, if the weight $w_e$ of
the error $e$ is less than $w$, then one can extend the locators
$Z_1, \ldots, Z_{w_e}$ into $Z_1, \ldots, Z_w$, in a way such that $Z_1, \ldots, Z_w$
are zeros of $\Delta$. In other words, it captures, in some sense, the
property of being of weight strictly less than $w$.

We need the definition of a saturated ideal, with respect to
a polynomial.

Definition 2: Let $I \subset \mathbb{F}[x_1, \ldots, x_n]$ be an ideal, and
$f \in \mathbb{F}[x_1, \ldots, x_n]$ be given. The saturated ideal of $I$ with respect
to $f$, denoted $I : f^\infty$, is the ideal

$$I : f^\infty = \{ g \in \mathbb{F}[x_1, \ldots, x_n] : f^m g \in I \text{ for some } m > 0 \} \qquad (5)$$

One has that, under some restrictions, the variety associated
to the saturated ideal $I : f^\infty$ does not contain the zeros of $f$.

Proposition 4: Let $I = \langle f_1, \ldots, f_s \rangle \subset \mathbb{F}[x_1, \ldots, x_n]$ be
an ideal and $f \in \mathbb{F}[x_1, \ldots, x_n]$ be given. Let $y$ be a new
indeterminate. Consider

$$\tilde{I} = \langle f_1, \ldots, f_s, 1 - yf \rangle \subset \mathbb{F}[x_1, \ldots, x_n, y],$$

then $I : f^\infty = \tilde{I} \cap \mathbb{F}[x_1, \ldots, x_n]$.

Thus the saturated ideal can be computed by a Gröbner basis
computation and elimination. Now we introduce the saturated
ideal

$$(I_\sigma + I_S) : \Delta^\infty \qquad (6)$$

Then

Proposition 5: The ideal

$$(I_\sigma + I_S) : \Delta^\infty$$

contains the polynomials

$$Z_i^{2^m} + Z_i, \quad i \in \{1, \ldots, w\},$$

$$\sigma_i^{2^m} + \sigma_i, \quad i \in \{1, \ldots, w\},$$

$$S_i^{2^m} + S_i, \quad i \in \{0, \ldots, n-1\}.$$

Proof: Omitted due to lack of space. ■

In particular, it is a radical ideal. Then, by elimination of the
$Z_i$'s, we have the ideal $I^\Delta_{N,w}$:

$$I^\Delta_{N,w} = \left( (I_\sigma + I_S) : \Delta^\infty \right) \cap \mathbb{F}_2[\sigma, S] \supset I_{N,w}$$

Note that a basis of $I^\Delta_{N,w}$ can be computed by computing a
Gröbner basis of $I_S + I_\sigma + \langle 1 - y\Delta \rangle$ for an ordering eliminating
$y$ and the $Z_i$'s, and by retaining the polynomials in terms of the
$\sigma_i$'s and the $S_i$'s. Note also that $I^\Delta_{N,w}$ is a radical ideal.
The variety associated to $I^\Delta_{N,w}$ can be described as follows:

Theorem 3: The variety $V(I^\Delta_{N,w})$ is exactly the set of the
elementary symmetric functions and the elementary power-sum
functions of the words of weight exactly $w$.

Proof: Omitted due to lack of space. ■

In particular, we have:

Corollary 3: Let $S_{Q,e}$ be the set of syndromes of some word
$e$. Let $T_w$ be a basis of $I^\Delta_{N,w} \cap \mathbb{F}_2[S_Q]$, then $e$ has weight $w$
if and only if

$$t(S_{Q,e}) = 0, \text{ for all } t \in T_w. \qquad (7)$$
Armed with this Theorem, and with the radicality of $I^\Delta_{N,w}$,
we can prove:

Theorem 4: For each $i \in \{1, \ldots, w\}$, $I^\Delta_{N,w}$ contains a
polynomial of the form $\sigma_i + q_i$, with $q_i \in \mathbb{F}_2[S_Q]$.

Note that this polynomial will appear in a Gröbner basis of
$I^\Delta_{N,w}$, computed as above.

The algorithm for decoding is

1) (precomputation) For each $w \in \{1, \ldots, t\}$, compute a
Gröbner basis $G_w$ of $I^\Delta_{N,w}$, written for the weight $w$;

2) (precomputation) From each $G_w$, for each $i$, pick the
polynomial $q_{i,w}$ which appears in the polynomial
$\sigma_i + q_{i,w}$ in Theorem 4.

3) (precomputation) From each $G_w$, pick all the polynomials
in $G_w \cap \mathbb{F}_2[S_Q]$, call $T_w$ this set of polynomials;

4) (online) for each received word $y$, compute the syndromes
$S_{Q,y} = S_{Q,e}$, where $e$ is the error to be found;

5) (online) for each possible weight $w$ of the error, find the
weight $w_e$ of the error using the criterion (7).

6) (online) compute $\sigma_i = q_{i,w_e}(S_{Q,e})$.

Thus we have removed the problem of the field equations,
and the problem of the division by zero.

IX. Conclusion 

For the decoding of any cyclic code, up to the true minimum
distance, we have shown how to find relations of degree one
for the coefficients of the locator polynomial, in terms of the
syndromes. These relations can be computed from the Newton
identities. Then we have introduced an ideal containing the
ideal generated by the Newton identities, which gives formulas
for the coefficients of the locator polynomial, with no leading
terms (and thus avoiding the problem of dividing by zero).